Hacking Back: Using Genetic Algorithms to Outsmart Hackers
- 1 Computer Science Department, The University of Jordan, Amman, Jordan
- 2 Artificial Intelligence Department, The University of Jordan, Amman, Jordan
- 3 Information Technology College, Lusail University, Lusail, Qatar
- 4 Networks and Cybersecurity Department, Hourani Center for Applied Scientific Research, Al-Ahliyya Amman University, Amman, Jordan
- 5 School of Computer Science, Taylor's University, Subang Jaya, Malaysia
Abstract
Web applications are widely used in today's digital landscape, necessitating robust security measures to protect against unauthorized access by malicious users. Ensuring the security of these applications requires effectively identifying and addressing vulnerabilities. This paper proposes an automated methodology for vulnerability detection, utilizing a genetic algorithm to generate test cases, which offers greater efficiency and performance compared to resource-intensive and time-consuming manual approaches. Our research highlights the effectiveness of genetic algorithms as test data generators, leveraging insights from previous studies. Structured Query Language (SQL) injection attacks vary in severity: those capable of executing destructive commands, such as the "drop" command, pose a more significant threat than those that merely disclose information. We employ both white-box and black-box testing methodologies to detect SQL injection vulnerabilities. Black-box testing is utilized when the source code is unavailable, while white-box testing is applied when the source code is accessible. Our findings suggest that white-box testing, particularly static analysis, is more effective in identifying vulnerabilities. This study aims to enhance web application security by utilizing genetic algorithms to generate optimal test cases for vulnerability detection, providing a comprehensive approach that integrates white-box and black-box testing.
DOI: https://doi.org/10.3844/jcssp.2025.2049.2064
Copyright: © 2025 Ghosoun Al Hindi, Mohammad Alshraideh, Abdelrahman H. Hussein, Lubna Fayez Eliyan and Arafat Al-Dhaqm. This is an open access article distributed under the terms of the Creative Commons Attribution License, which permits unrestricted use, distribution, and reproduction in any medium, provided the original author and source are credited.
Keywords
- Web Application
- Vulnerabilities
- Test Cases
- Detection
- SQLI Vulnerability
- Attacker
- White-box Testing
- Black-box Testing
- Genetic Algorithm